The high importance of the availability of end user computing systems raises the need for effective and efficient helpdesk systems. However, research shows that the adoption and diffusion of such systems is surprisingly low. Classical approaches to deal with this problem focus solely on the system itself, especially on the quality of the helpdesk. But this neglects the fact that problem solving often takes place in unofficial personal networks. This aspect gains importance due to the increasing relevance of team-based work structures. Motivated by this, we present a model of adoption of helpdesk systems that considers the quality of personal networks as an influencing factor for the level of adoption.

Risks, and especially information technology (IT) risks, are hotly debated in practice today; furthermore, many theories have evolved around this term. In IT management and IT controlling, too, perspectives on risk, especially security, have emerged. Surprisingly, no dominant definition has emerged yet, and consequently no single classification or structure for the various kinds of risk exists. This paper tries to give a more concise definition and shows that the management of IT risks is not just a current hype but is of the utmost importance, especially to avoid and mitigate the effects of high impact events. A research agenda to address this important topic is proposed at the end of the paper.

Web services are praised by researchers and practitioners as a powerful device to integrate business processes even across firm boundaries. But sometimes even apparently simple operations are not ideally suited to be implemented by web services. This paper employs a case example to explain potential business factors that can restrain web services from unfolding their full potential. Based on a simple causal model for software risk, this paper then analyzes why web services should preferably be employed even in atypical usage scenarios to capture additional benefits from improved software risk mitigation.

The Next Wave in IT Infrastructure Risk Management - A Causal Modeling Approach with Bayesian Belief Networks

In: 2006 IRMA International Conference; Washington

Category: Proceedings

Abstract

The management of risks associated with information technology (IT) infrastructure becomes increasingly important, as companies may face severe negative outcomes in case of failures. This paper proposes a new approach to manage IT infrastructure risks even in highly dynamic environments. Currently, IT infrastructure and its risks are managed based on historical loss data, which allows very precise forecasts for potential risks in stable environments. However, for the increasing number of firms facing dynamic environments like outsourcing or merger scenarios, historical data is not an adequate estimator for future events. Therefore, the next wave in IT infrastructure risk management has to employ more adaptive strategies. Based on an ongoing case study with two leading IT consultancies and an international service enterprise, this paper demonstrates how causal modeling with Bayesian Belief Networks enables the prediction and, most important, the proactive management of IT infrastructure risks.

This paper adds the aspect of problem solving in personal networks to an existing risk assessment model of end-user computing technology. Due to various reasons, information technology (IT) risk assessment for end-user computing systems like desktop computers is gaining importance, especially the availability of these systems. Users are a vital part of these systems, and any user incident renders the system unavailable until the incident is resolved. Classical approaches only consider measurable user incidents. However, this neglects the fact that a lot of problem solving takes place in unofficial personal networks. Based on expert interviews, we present an approach that integrates personal network characteristics into a causal model for risk assessment and give an outlook to further research.

Balanced Scorecard (BSC) is one of the most important and widely adopted performance measurement methods, and especially its recently evolving usage for IT governance makes it an attractive tool to measure and evaluate IT contribution to firm performance. Integral parts are corporate causality relationships that are modeled within the BSC. Surprisingly, these causalities within the Balanced Scorecard approach are neither thoroughly introduced in theory nor applied in practice in a sound way. In this paper, an integrated approach is developed which addresses both challenges. It is shown how causal modeling employing Bayesian Belief Networks can be used to improve Balanced Scorecard methodology and to support organizations in introducing a Balanced Scorecard. The integration allows for an a priori validation of causalities with significantly reduced effort in validity maintenance and results in better prediction of value chain figures and enhanced corporate learning.

Financial institutions are part of the backbone of modern nations in the same way electrical power grids and transportation infrastructures are. Therefore, breakdowns of single banks or whole financial centers could have a massive impact not only on the affected banks but also on the entire economy (systemic risk). As financial institutions rely heavily on information technology (IT), this is one of their major risk categories. Despite its importance, the research on identifying and mitigating the operational risks associated with IT is still quite immature in theory and in practice, leaving managers without sound decision support. Based on an overview of relevant threats and their possible impacts, this paper derives requirements for a sound decision support system supporting operational risk management in IT.

Operational risk and outsourcing are two major topics on today's agenda of top executives, especially in the banking industry. This paper introduces a framework to classify operational risk in outsourcing in a way that generates quantifiable output for measurement purposes. The authors developed a matrix system that deploys a catalogue of sources of risk and a mutually exclusive yet exhaustive system of measurable impact areas. It is shown that this framework adds to the understanding of operational risk, as its application enhances transparency through the transformation of often vague risk descriptions to quantifiable risk indicators. An overview of the current IS literature on risks in outsourcing, combined with a critical assessment of deficiencies for transparent risk classification, serves as an input for the classification process.

Reference No.: 2004-68

Presentations:

2006

Risks, and especially information technology (IT) risks, are hotly debated in practice today; furthermore, many theories have evolved around this term. In IT management and IT controlling, too, perspectives on risk, especially security, have emerged. Surprisingly, no dominant definition has emerged yet, and consequently no single classification or structure for the various kinds of risk exists. This paper tries to give a more concise definition and shows that the management of IT risks is not just a current hype but is of the utmost importance, especially to avoid and mitigate the effects of high impact events. A research agenda to address this important topic is proposed at the end of the paper.

Assessing the Risks of IT Infrastructure – A Personal Network Perspective

In: IWI Forschungskolloquium 2006; Roßbach

Abstract

This paper adds the aspect of problem solving in personal networks to an existing risk assessment model of end-user computing technology. Due to various reasons, information technology (IT) risk assessment for end-user computing systems like desktop computers is gaining importance, especially the availability of these systems. Users are a vital part of these systems, and any user incident renders the system unavailable until the incident is resolved. Classical approaches consider only measurable user incidents. This neglects the fact that a lot of problem solving takes place in unofficial personal networks. Based on expert interviews, this paper presents an approach that integrates personal network characteristics into a causal model for risk assessment and gives an outlook to further research.

Despite its importance, the research on the operational risks arising from information technology (IT) is still quite immature both in theory and in practice, leaving managers without sound decision support. Especially IT infrastructure worries managers and researchers alike. To improve the risk management process including assessment and communication, a model-driven approach with a strong focus on end-user computing is developed to manage IT risks even in highly dynamic environments like outsourcing or merger scenarios. Based on a case study with two leading IT consultancies and a global service enterprise utilizing incident data from over 30,000 computers, it is shown that causal modeling with Bayesian Belief Networks (BBN) enables the assessment and, most important, the proactive management of IT infrastructure risks. To facilitate the communication of this sophisticated method, it can be seamlessly combined with the economic theory of Balanced Scorecard (BSC). At the same time, causal modeling employing BBNs can be used to improve Balanced Scorecard methodology. Special focus is given to the users as a vital part of end-user computing. Both theory and the company data indicate their importance; therefore, personal network characteristics have been integrated to further improve the predictive power of the causal model.

This paper adds the aspect of problem solving in personal networks to an existing risk assessment model of end-user computing technology. Due to various reasons, information technology (IT) risk assessment for end-user computing systems like desktop computers is gaining importance, especially the availability of these systems. Users are a vital part of these systems, and any user incident renders the system unavailable until the incident is resolved. Classical approaches consider only measurable user incidents. This neglects the fact that a lot of problem solving takes place in unofficial personal networks. Based on expert interviews, this paper presents an approach that integrates personal network characteristics into a causal model for risk assessment and gives an outlook to further research.

Balanced Scorecard (BSC) is one of the most important and widely adopted performance measurement methods, and especially its recently evolving usage for IT governance makes it an attractive tool to measure and evaluate IT contribution to firm performance. Integral parts are corporate causality relationships that are modeled within the BSC. Surprisingly, these causalities within the Balanced Scorecard approach are neither thoroughly introduced in theory nor applied in practice in a sound way. In this paper, an integrated approach is developed which addresses both challenges. It is shown how causal modeling employing Bayesian Belief Networks can be used to improve Balanced Scorecard methodology and to support organizations in introducing a Balanced Scorecard. The integration allows for an a priori validation of causalities with significantly reduced effort in validity maintenance and results in better prediction of value chain figures and enhanced corporate learning.

Financial institutions are part of the backbone of modern nations in the same way electrical power grids and transportation infrastructures are. Therefore, breakdowns of single banks or whole financial centers could have a massive impact not only on the affected banks but also on the entire economy (systemic risk). As financial institutions rely heavily on information technology (IT), this is one of their major risk categories. Despite its importance, the research on identifying and mitigating the operational risks associated with IT is still quite immature in theory and in practice, leaving managers without sound decision support. Based on an overview of relevant threats and their possible impacts, this paper derives requirements for a sound decision support system supporting operational risk management in IT.